CSP - IT Rep - Development and Modification of Software Applications

Last updated: February 1, 2023
 
Development & Modification of Software Applications  
 

34. Software Application Security Checklist

Is there a process in place to ensure that, prior to storing or accessing UBC Electronic Information, a Software Application Security Checklist is completed for all new or substantially modified applications that store or access Medium, High or Very High-Risk Information?

Why is this Essential?

When purchasing, designing or substantially modifying Software Applications, it is important that security requirements are understood, documented and implemented at the earliest appropriate stage of the project. This is substantially cheaper and more effective than trying to apply security controls retroactively.


Reference Links
Development and Modification of Software Applications
Software Application Security Checklist

Instructions

Here are some examples of substantially modified applications:

  • Granting access privileges to Medium, High or Very High Risk Information to new categories or groups of individuals
  • Outsourcing management, storage or security of Medium, High or Very High Risk Information to an external service provider
  • Changing how Medium, High or Very High Risk Information is collected, used or displayed

What is Acceptable?

IT support staff are aware of the checklist and are known to use it as part of the implementation/release process.


 


35. Website Naming

Are all the online sites/tools/applications/services delivered by the unit I represent in the ubc.ca domain space?

Why is this Essential?

Web Applications used to conduct University Business must be provisioned within the ubc.ca domain name space, e.g. widget.ubc.ca, unless not technically possible.

Placing applications in the ubc.ca domain space enables users to validate authentic UBC websites, significantly reducing the likelihood of users responding to phishing attempts. Further, various cybersecurity services (including proactive monitoring) are only available to sites in the ubc.ca domain space, so being outside the domain is likely to result in less secure web applications.


Reference Links
myDNS FAQs
Subdomain Registration

Instructions

N/A


What is Acceptable?

Web Applications used to conduct University Business must be provisioned within the ubc.ca domain name space, e.g. widget.ubc.ca, unless not technically possible.




